Route Origin Authorization

$ rpki-client -vvf rpki.cernet.net/repo/cernet/0/AS144947.roa
File:                     AS144947.roa (raw, json)
Hash identifier:          u4W2Hcu2K2A5vTxL58Db0n00pvf6zthCnD3f7od4Yf0=
Subject key identifier:   74:AB:35:82:C9:FA:B9:F5:A5:B3:C8:9E:A6:7B:18:17:B4:98:F6:77
Certificate issuer:       /CN=A91E5D610001/serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
Certificate serial:       1F12FFD936F73ACCB3952065AE84BC27EC6064B1
Authority key identifier: 05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
Subject info access:      rsync://rpki.cernet.net/repo/cernet/0/AS144947.roa
Signing time:             Wed 04 Mar 2026 06:21:38 +0000
ROA not before:           Wed 04 Mar 2026 06:16:38 +0000
ROA not after:            Wed 03 Mar 2027 06:21:38 +0000
asID:                     144947
IP address blocks:        240a:a8f9::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl
                          rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 28 Mar 2026 22:54:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            1f:12:ff:d9:36:f7:3a:cc:b3:95:20:65:ae:84:bc:27:ec:60:64:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E5D610001, serialNumber=05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA
        Validity
            Not Before: Mar  4 06:16:38 2026 GMT
            Not After : Mar  3 06:21:38 2027 GMT
        Subject: CN=74AB3582C9FAB9F5A5B3C89EA67B1817B498F677
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:e8:11:04:4a:48:73:01:56:97:b1:2d:86:34:
                    e5:5b:6a:2f:b5:e4:81:92:f8:2b:89:95:23:a9:18:
                    f2:52:95:a2:ed:65:96:ba:76:7a:a0:df:92:d2:94:
                    bb:15:d1:78:a7:1c:a3:12:95:b5:95:be:a9:de:1b:
                    79:6b:28:19:85:53:51:8b:a0:67:aa:c2:03:da:39:
                    02:f8:6d:17:e0:24:c7:98:25:bc:14:86:6a:ce:c0:
                    20:04:63:19:bf:ba:70:2e:95:24:14:0d:2c:a9:58:
                    4f:ad:cb:77:a0:9f:25:70:19:1e:80:9d:fa:0a:2c:
                    5c:20:33:dd:0e:84:33:10:f3:74:19:a5:0d:fe:5e:
                    ed:e0:04:e1:29:e3:e1:7a:f8:ca:35:c0:83:aa:0e:
                    67:90:c0:ea:11:f3:59:c9:17:fb:40:d3:1a:11:6f:
                    9a:4a:b7:f6:82:95:d0:eb:9a:09:9a:9c:c5:f4:1c:
                    4b:96:84:24:0b:6d:2d:40:eb:5e:4f:40:02:dc:74:
                    ee:b0:8e:09:f3:6b:21:c0:b3:aa:51:af:6f:01:b4:
                    11:ff:84:76:61:7c:39:01:e8:18:59:0c:93:34:b2:
                    fc:4d:d9:83:ca:af:99:1c:cd:77:72:cd:36:1e:fd:
                    74:b8:6e:91:e9:bb:96:7a:fb:44:52:a9:c4:0e:c5:
                    eb:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:AB:35:82:C9:FA:B9:F5:A5:B3:C8:9E:A6:7B:18:17:B4:98:F6:77
            X509v3 Authority Key Identifier:
                keyid:05:FC:9C:5B:88:50:6F:7C:0D:3F:86:2C:88:95:BE:D6:7E:9F:8E:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.cernet.net/repo/cernet/0/05FC9C5B88506F7C0D3F862C8895BED67E9F8EBA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BfycW4hQb3wNP4YsiJW-1n6fjro.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.cernet.net/repo/cernet/0/AS144947.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  240a:a8f9::/32

    Signature Algorithm: sha256WithRSAEncryption
         83:57:6c:bc:f0:ec:b1:81:4c:b9:e5:24:64:5f:90:ab:84:c7:
         a0:d2:b1:16:bb:82:32:59:30:41:82:98:b9:b0:d3:b0:17:38:
         71:33:9e:a4:81:cc:ba:6a:21:a2:44:7b:c6:f0:36:c1:e6:ba:
         7d:a8:9a:94:37:ab:cd:b9:f3:6a:7c:f0:ae:b6:e4:f5:46:3c:
         c4:7a:b0:ea:97:ba:6b:f1:57:64:d4:de:c6:d8:d3:17:d8:ab:
         d8:cc:53:90:1d:86:cb:58:ae:30:a9:90:03:2c:28:07:ee:80:
         64:a1:0f:1d:f1:4d:2c:6a:8a:80:c7:36:a8:1e:18:27:0c:6b:
         ee:8a:73:d8:f0:03:d1:8d:51:8a:89:bf:90:0a:fb:c1:c0:a0:
         bb:9e:d4:e2:0b:71:f3:3a:8c:ea:5c:eb:66:ac:5f:aa:a0:ab:
         1a:97:9c:ac:52:2f:36:25:5c:8d:97:08:0a:86:72:ed:aa:0f:
         74:8c:45:eb:ff:28:14:d6:95:72:25:e0:d0:ca:86:d4:f1:82:
         34:1a:6c:53:be:64:61:9a:79:e2:b5:93:41:8a:27:a1:b9:7c:
         d6:7e:1e:b4:37:0f:16:67:e0:26:ca:ce:16:2b:76:3c:74:e3:
         fc:48:4a:8e:27:e8:76:17:d1:59:ca:46:97:a6:cd:d4:08:78:
         ba:73:0c:ae
-----BEGIN CERTIFICATE-----
MIIE0jCCA7qgAwIBAgIUHxL/2Tb3OsyzlSBlroS8J+xgZLEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAwwMQTkxRTVENjEwMDAxMTEwLwYDVQQFEygwNUZDOUM1Qjg4
NTA2RjdDMEQzRjg2MkM4ODk1QkVENjdFOUY4RUJBMB4XDTI2MDMwNDA2MTYzOFoX
DTI3MDMwMzA2MjEzOFowMzExMC8GA1UEAxMoNzRBQjM1ODJDOUZBQjlGNUE1QjND
ODlFQTY3QjE4MTdCNDk4RjY3NzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAKjoEQRKSHMBVpexLYY05VtqL7XkgZL4K4mVI6kY8lKVou1llrp2eqDfktKU
uxXReKccoxKVtZW+qd4beWsoGYVTUYugZ6rCA9o5AvhtF+Akx5glvBSGas7AIARj
Gb+6cC6VJBQNLKlYT63Ld6CfJXAZHoCd+gosXCAz3Q6EMxDzdBmlDf5e7eAE4Snj
4Xr4yjXAg6oOZ5DA6hHzWckX+0DTGhFvmkq39oKV0OuaCZqcxfQcS5aEJAttLUDr
Xk9AAtx07rCOCfNrIcCzqlGvbwG0Ef+EdmF8OQHoGFkMkzSy/E3Zg8qvmRzNd3LN
Nh79dLhukem7lnr7RFKpxA7F660CAwEAAaOCAcUwggHBMB0GA1UdDgQWBBR0qzWC
yfq59aWzyJ6mexgXtJj2dzAfBgNVHSMEGDAWgBQF/JxbiFBvfA0/hiyIlb7Wfp+O
ujAOBgNVHQ8BAf8EBAMCB4AwYwYDVR0fBFwwWjBYoFagVIZScnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC8wNUZDOUM1Qjg4NTA2RjdDMEQzRjg2
MkM4ODk1QkVENjdFOUY4RUJBLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUH
MAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFE
NjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9CZnljVzRoUWIzd05QNFlzaUpXLTFuNmZq
cm8uY2VyME4GCCsGAQUFBwELBEIwQDA+BggrBgEFBQcwC4YycnN5bmM6Ly9ycGtp
LmNlcm5ldC5uZXQvcmVwby9jZXJuZXQvMC9BUzE0NDk0Ny5yb2EwGAYDVR0gAQH/
BA4wDDAKBggrBgEFBQcOAjAgBggrBgEFBQcBBwEB/wQRMA8wDQQCAAIwBwMFACQK
qPkwDQYJKoZIhvcNAQELBQADggEBAINXbLzw7LGBTLnlJGRfkKuEx6DSsRa7gjJZ
MEGCmLmw07AXOHEznqSBzLpqIaJEe8bwNsHmun2ompQ3q82582p88K625PVGPMR6
sOqXumvxV2TU3sbY0xfYq9jMU5AdhstYrjCpkAMsKAfugGShDx3xTSxqioDHNqge
GCcMa+6Kc9jwA9GNUYqJv5AK+8HAoLue1OILcfM6jOpc62asX6qgqxqXnKxSLzYl
XI2XCAqGcu2qD3SMRev/KBTWlXIl4NDKhtTxgjQabFO+ZGGaeeK1k0GKJ6G5fNZ+
HrQ3DxZn4CbKzhYrdjx04/xISo4n6HYX0VnKRpemzdQIeLpzDK4=
-----END CERTIFICATE-----